Patient Data Exposed at Phoenixville Hospital, Southwest Health Center, and Family Practice Center

Phoenixville Hospital Dismisses Employee Because of HIPAA Violation

Phoenixville Hospital based in Pennsylvania lately dismissed an employee because of accessing the health files of patients with no authorization. As per the hospital operator, Tower Health, unauthorized access was identified while doing a scheduled review of medical record access documents.

An employee with no valid work reason gained access to the health records of a number of patients from October 2021 to May 2022. Once the privacy breach was identified, the employee was suspended without delay while the internal investigation was in progress. Afterward, he was dismissed because of the HIPAA breach.

The employee looked at names, addresses, birth dates, consultation dates, diagnoses, vital sign records, prescription drugs, test data, and doctors’ notes. A few of the viewed records contained partial Social Security numbers and medical insurance details. Tower Health stated supplemental training is given to the employees relating to patient privacy and the viewing of health records.

Cyberattack at Southwest Health Center

The non-profit community healthcare organization, Southwest Health Center based in Platteville, WI, has lately begun informing patients concerning a cyberattack that was initially identified on January 11, 2022. According to forensic investigation, an unauthorized third party got access to files that contain the personal data and protected health information (PHI) of present and past workers, their dependents, and individuals who got medical care services at Southwest Health Center.

The compromised data during the breach involved names, birth dates, driver’s license numbers, Social Security numbers, state ID card numbers, financial account numbers, health data, and/or medical insurance data. The affected individuals received free credit monitoring and identity theft protection services.

The breach is not yet posted on the HHS’ Office for Civil Rights breach website, thus it is presently not clear how many persons were impacted.

October 2021 Hacking Incident Reported by Family Practice Center

Family Practice Center based in Pennsylvania has lately begun mailing notification letters to individuals who had their PHI exposed during an October 2021 cyberattack. Based on the substitute breach notice published on its website, a shutdown of its computer systems was attempted on October 11.

The cyberattack was investigated but results became available only on May 21, 2022, which is 7 months after the uncovering of the attack. It was confirmed that a few of the files viewed during the incident contained patient information like names, addresses, health insurance data, and health and treatment details. There were no patient health records involved. Affected individuals received notification letters on July 5, 2022. Family Practice Center stated it is not aware of any patient data misuse.

The incident is not yet posted on the HHS’ Office for Civil Rights breach website, therefore it is presently not clear how many persons were impacted.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at